In the first part of our document on the User Profile Service Application, we covered the SharePoint and Windows components involved, and the need for and utility of the User Profile Service Application. This is part two, which covers the details of setting up the User Profile Service Application, along with the events that happen under the hood on the SharePoint and SQL servers.

Let’s get into the details of Setting up the User Profile Service Application

Start the “User Profile Service”

1)     When we start the “User Profile Service” from the Central Administration UI, we first start with provisioning the User Profile Service instance.

w3wp.exe (0x1330)                0x0FA4    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject UserProfileServiceInstance. Version: 2695 Ensure: False, HashCode: 62397089, Id: 015a5fa0-9411-4261-8c33-9f67f24b3c2d,
Stack Trace:
at Microsoft.SharePoint.Administration.SPPersistedObject.BaseUpdate()
at Microsoft.SharePoint.Administration.SPServiceInstance.Provision()
at Microsoft.SharePoint.Administration.SPIisWebServiceInstance.Provision()

w3wp.exe (0x1330)                0x0FA4    SharePoint Foundation           Topology umbj        Verbose   Deserializing the type named Microsoft.Office.Server.Administration.UserProfileServiceInstance, Microsoft.Office.Server.UserProfiles, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c and with id d246fe04-de1e-48f1-9c9e-a57ee2392d98.            

 

Create the “User Profile Service Application”

Now that the “User Profile Service” has started, the next step is to create the “User Profile Service Application” from the CA UI. When we do this, we see the following activities,

1)      We do an HTTP POST to the Central Admin site’s /NewProfileServiceApplicationSettings.aspx page with the “CreateNewProfileServiceApplication” parameter.

w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Logging Correlation Data        xmnv       Medium  Name=Request (POST:http://o14mss-srv:8000/_admin/NewProfileServiceApplicationSettings.aspx?scenarioid=CreateNewProfileServiceApplication&IsDlg=1) 

2)      We start with creating an Application-Pool for the User Profiles Service Application

w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject SPIisWebServiceApplicationPool Name=UPASrvAPP. Version: -1 Ensure: False, HashCode: 11644687, Id: 90f0851a-3497-4f5e-88d8-d2cbfaf45ab9
Call Stack:
at Microsoft.SharePoint.Administration.SPPersistedObject.BaseUpdate()
at Microsoft.SharePoint.Administration.SPIisWebServiceApplicationPool.Update()
at Microsoft.SharePoint.WebControls.IisWebServiceApplicationPoolSection.GetOrCreateApplicationPool()

3)      We then update the Objects table with each of the databases that we created during the provisioning of the UPA Service.

w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject ProfileDatabase Name=Profile DB. Version: -1 Ensure: False, HashCode: 2151613, Id: 6e4d6dff-6f48-42c2-8bf8-ae7fd306c4cc 
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject SynchronizationDatabase Name=Sync DB. Version: -1 Ensure: False, HashCode: 62396789, Id: b2578d3b-3811-47a7-858e-c713cc150e75 
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject SocialDatabase Name=Social DB. Version: -1 Ensure: False, HashCode: 64676437, Id: 309c639e-e042-4f9d-9ed9-0685c25eb31f

4)      In this step we create the databases and provision the schema of the databases.
The database scripts located in C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Template\SQL\SPS\ are used to provision the Profile, Social & Sync databases. Once the databases are created, we update the Objects table in the configuration database with these new DB objects.

Note: we just create the blank Sync DB but don’t have any schema for it at this stage.

ProfileDB
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Database 7t68         High        Provisioning the Profile DB database with the script at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Template\SQL\SPS\ProfileSRP.sql
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Upgrade  fbv7         Medium  [w3wp] [ProfileDatabaseSequence] [DEBUG] [8/24/2010 4:11:50 PM]: Executing SQL DDL Script.
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject ProfileDatabase Name=Profile DB. Version: 4676 Ensure: False, HashCode: 2151613, Id: 6e4d6dff-6f48-42c2-8bf8-ae7fd306c4cc

SyncDB
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Database 7t68         High        Provisioning the Sync DB database with the script at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Template\SQL\SPS\drop_procs.sql.
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject SynchronizationDatabase Name=Sync DB. Version: 4678 Ensure: False, HashCode: 62396789, Id: b2578d3b-3811-47a7-858e-c713cc150e75

SocialDB
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Database 7t68         High        Provisioning the Social DB database with the script at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Template\SQL\SPS\SocialSRP.sql. 
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Upgrade  fbv7         Medium  [w3wp] [SocialDatabaseSequence] [DEBUG] [8/24/2010 4:12:04 PM]: Executing SQL DDL Script.
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject SocialDatabase Name=Social DB. Version: 4680 Ensure: False, HashCode: 64676437, Id: 309c639e-e042-4f9d-9ed9-0685c25eb31f

 

5)      Next, the account that is used to provision the UPA is added to the db_owner role of the 3 databases which were created.

w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Database 944r         High        Adding S-1-5-21-####93##-345###178#-25#####213-#### to the role, db_owner, in the database, Profile DB.
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Database 944r         High        Adding S-1-5-21-####93##-345###178#-25#####213-#### to the role, db_owner, in the database, Sync DB.
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Database 944r         High        Adding S-1-5-21-####93##-345###178#-25#####213-#### to the role, db_owner, in the database, Social DB.

6)      Next step is to install User profile localization.
The XML file used while installing the  localization is C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Template\SQL\SPS\PeopleDBLoc.xml

w3wp.exe (0x13AC)                0x1364    SharePoint Portal Server        User Profiles           62tn         Medium                UserProfileLocalizationInstaller.Install (BEGIN)
w3wp.exe (0x13AC)                0x1364    SharePoint Portal Server        User Profiles           62to         Medium  End- FileStream(templateFile = C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Template\SQL\SPS\PeopleDBLoc.xml, FileMode.Open)
w3wp.exe (0x13AC)                0x1364    SharePoint Portal Server        User Profiles           62tv         Medium                UserProfileLocalizationInstaller.Install (END)

During the User profile localization, we provision the schema of the profile DB and tables like PropertyList & PropertyListLoc get updated.

Verbose ULS logs should be used for details on the tables that are updated.

 

7)      We then install the following timer jobs for the User Profile Application. Note that the User Profile Application name used during this setup is 'UPASrvAPP'. You will observe that the object name that is installed is “Microsoft.Office.Server.ActivityFeed.ActivityFeedUPAJob”, whereas the timer job name is UPASrvAPP_ActivityFeedJob.

 

w3wp.exe (0x13AC)                0x1364    SharePoint Portal Server        User Profiles           f2ni          High        Installing scheduled job 'Microsoft.Office.Server.ActivityFeed.ActivityFeedUPAJob' for app 'UPASrvAPP'.
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject ActivityFeedUPAJob Name=UPASrvAPP_ActivityFeedJob. Version: -1 Ensure: False, HashCode: 44930099, Id: 63d3ad1c-fa71-4d4c-b3b3-d34fd30b6115
w3wp.exe (0x13AC)                0x1364    SharePoint Portal Server        User Profiles           f2ni          High        Installing scheduled job 'Microsoft.Office.Server.ActivityFeed.ActivityFeedCleanupUPAJob' for app 'UPASrvAPP'.
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject ActivityFeedCleanupUPAJob Name=UPASrvAPP_ActivityFeedCleanupJob. Version: -1 Ensure: False, HashCode: 27904457, Id: 0a438c5f-4091-4688-8aba-ee0e269f2b1f
w3wp.exe (0x13AC)                0x1364    SharePoint Portal Server        User Profiles           f2ni          High        Installing scheduled job 'Microsoft.Office.Server.UserProfiles.UserProfileChangeCleanupJob' for app 'UPASrvAPP'. 
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject UserProfileChangeCleanupJob Name=UPASrvAPP_UserProfileChangeCleanupJob. Version: -1 Ensure: False, HashCode: 3922893, Id: 252b7f3c-57a7-4192-9f49-95267c49d1fc,

w3wp.exe (0x13AC)                0x1364    SharePoint Portal Server        User Profiles           f2ni          High        Installing scheduled job 'Microsoft.Office.Server.UserProfiles.UserProfileChangeJob' for app 'UPASrvAPP'.          
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject UserProfileChangeJob Name=UPASrvAPP_UserProfileChangeJob. Version: -1 Ensure: False, HashCode: 46655038, Id: 573bffc2-2437-41f9-9c68-d0387c400066,
w3wp.exe (0x13AC)                0x1364    SharePoint Portal Server        User Profiles           f2ni          High        Installing scheduled job 'Microsoft.Office.Server.UserProfiles.UserProfileImportJob' for app 'UPASrvAPP'.           
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject UserProfileImportJob Name=UPASrvAPP_ProfileImportJob. Version: -1 Ensure: False, HashCode: 10818822, Id: cac98965-5331-4b65-a6f2-a1f7db7c6372,
w3wp.exe (0x13AC)                0x1364    SharePoint Portal Server        User Profiles           f2ni          High        Installing scheduled job 'Microsoft.Office.Server.UserProfiles.MySiteEmailJob' for app 'UPASrvAPP'.
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject MySiteEmailJob Name=UPASrvAPP_MySiteSuggestionEmailJob. Version: -1 Ensure: False, HashCode: 45310382, Id: b79887b1-fd09-4c57-9f10-7c4bb8795815,
w3wp.exe (0x13AC)                0x1364    SharePoint Portal Server        User Profiles           f2ni          High        Installing scheduled job 'Microsoft.Office.Server.Administration.UserProfileApplication+LanguageSynchronizationJob' for app 'UPASrvAPP'.                    
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject LanguageSynchronizationJob Name=UPASrvAPP_LanguageSynchronizationJob. Version: -1 Ensure: False, HashCode: 38932675, Id: 4195a48d-041d-405c-8c33-f3a4f3286360,
w3wp.exe (0x13AC)                0x1364    SharePoint Portal Server        User Profiles           f2ni          High        Installing scheduled job 'Microsoft.Office.Server.Administration.ILMProfileSynchronizationJob' for app 'UPASrvAPP'.         
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject ILMProfileSynchronizationJob Name=UPASrvAPP_ProfileSynchronizationJob. Version: -1 Ensure: False, HashCode: 55305768, Id: 133ceb63-41b0-4a5f-9388-08de6ec54625,
w3wp.exe (0x13AC)                0x1364    SharePoint Portal Server        User Profiles           f2ni          High        Installing scheduled job 'Microsoft.Office.Server.Audience.AudienceCompilationJob' for app 'UPASrvAPP'.
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject AudienceCompilationJob Name=UPASrvAPP_AudienceCompilationJob. Version: -1 Ensure: False, HashCode: 60363419, Id: ad941c97-e871-4db2-941c-74ba1e45fddf,     
w3wp.exe (0x13AC)                0x1364    SharePoint Portal Server        User Profiles           f2ni          High        Installing scheduled job 'Microsoft.Office.Server.SocialData.SocialDataMaintenanceJob' for app 'UPASrvAPP'.
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject SocialDataMaintenanceJob Name=UPASrvAPP_SocialDataMaintenanceJob. Version: -1 Ensure: False, HashCode: 5708714, Id: aa8c4651-be3e-4ee6-81a0-baf324b06ddc,
w3wp.exe (0x13AC)                0x1364    SharePoint Portal Server        User Profiles           f2nl          High        Installing scheduled job 'Microsoft.Office.Server.UserProfiles.WSSSweepSyncJob' for proxy 'UPASrvAPP'.
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject WSSSweepSyncJob Name=UPASrvAPP_SweepSync. Version: -1 Ensure: False, HashCode: 14950152, Id: 9e5b5276-eb4d-47bc-b03b-f8fa57ec98ca, Stack:  
w3wp.exe (0x13AC)                0x1364    SharePoint Portal Server        User Profiles           f2nl          High        Installing scheduled job 'Microsoft.Office.Server.UserProfiles.WSSProfileSyncJob' for proxy 'UPASrvAPP'.
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject WSSProfileSyncJob Name=UPASrvAPP_ProfSync. Version: -1 Ensure: False, HashCode: 30901231, Id: a48bf385-9946-4c1d-beda-33bc889ccfb5,
w3wp.exe (0x13AC)                0x1364    SharePoint Portal Server        User Profiles           f2nl          High        Installing scheduled job 'Microsoft.Office.Server.SocialData.SocialRatingSyncJob' for proxy 'UPASrvAPP'.
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject SocialRatingSyncJob Name=UPASrvAPP_SocialRatingSyncJob. Version: -1 Ensure: False, HashCode: 23720487, Id: 57e1fe31-323b-4235-a8ef-bd6b2fd6ba75,

8)      After we have finished creating the timer jobs, the Service Account is given read access to the configuration database and added to the “WSS_Content_Application_Pools” role for the SharePoint configuration and Admin databases.

 

w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 944s        High        Granting S-1-5-21-####93##-345###178#-25#####213-#### read access to the configuration database, SharePoint_Config.
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Database 944r         High        Adding S-1-5-21-####93##-345###178#-25#####213-#### to the role, WSS_Content_Application_Pools, in the database, SharePoint_Config.
w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Database 944r         High        Adding S-1-5-21-####93##-345###178#-25#####213-#### to the role, WSS_Content_Application_Pools, in the database, SharePoint_AdminContent_10a69e01-7256-40f7-940f-6091b30abc8f.

OWSTimer then takes over from here

9)      OWSTimer starts by creating the application pool in IIS for the User Profile Service Application. After creating the application pool, we add the service account to the IIS_WPG, WSS_WPG and PerformanceMonitorUsers groups.

 

OWSTIMER.EXE (0x0F90)       0x0F88    SharePoint Foundation           Topology bmt5       High        Creating new application pool '90f0851a34974f5e88d8d2cbfaf45ab9'.
OWSTIMER.EXE (0x0F90)       0x0F88    SharePoint Foundation           Topology 96ft         Medium  Adding O14NETWORK\spadmin to local group IIS_WPG.
OWSTIMER.EXE (0x0F90)       0x0F88    SharePoint Foundation           Topology 96ft         Medium  Adding O14NETWORK\spadmin to local group WSS_WPG.
OWSTIMER.EXE (0x0F90)       0x0F88    SharePoint Foundation           Topology 96ft         Medium  Adding O14NETWORK\spadmin to local group PerformanceMonitorUsers.
OWSTIMER.EXE (0x0F90)       0x0F88    SharePoint Foundation           Topology 9sis          Medium  Attempting to give SE_ASSIGNPRIMARYTOKEN_NAME privilege to application pool user O14NETWORK\spadmin
OWSTIMER.EXE (0x0F90)       0x0F88    SharePoint Foundation           Topology 9sit          Medium  Attempting to give SE_INCREASE_QUOTA_NAME privilege to application pool user O14NETWORK\spadmin
OWSTIMER.EXE (0x0F90)       0x0F88    SharePoint Foundation           Topology bmt6       High        Application pool '90f0851a34974f5e88d8d2cbfaf45ab9' provisioning complete.

 

10)   We then provision the User Profile service application in IIS under the Web Application – “SharePoint Web Services”. The name of the site in IIS is the GUID itself - 7893b48ca91a4a869ec58af25f298a16.

 

OWSTIMER.EXE (0x0F90)       0x0F88    SharePoint Foundation           Topology bmu8       High        Provisioning application '/7893b48ca91a4a869ec58af25f298a16' on site 'SharePoint Web Services' with application pool '90f0851a34974f5e88d8d2cbfaf45ab9'.
OWSTIMER.EXE (0x0F90)       0x0F88    SharePoint Foundation           Topology bmu9       High        Adding new application '/7893b48ca91a4a869ec58af25f298a16' on site 'SharePoint Web Services' at physical path 'C:\Program Files\Microsoft Office Servers\14.0\WebServices\Profile'.
OWSTIMER.EXE (0x0F90)       0x0F88    SharePoint Foundation           Topology bmv2       High        Setting application pool for application '/7893b48ca91a4a869ec58af25f298a16' on site 'SharePoint Web Services' to '90f0851a34974f5e88d8d2cbfaf45ab9'.

We enable the HTTP & HTTPS protocol for the UPA Service Application

OWSTIMER.EXE (0x0F90)       0x0F88    SharePoint Foundation           Topology bmv3       High        Setting enabled protocols for application '/7893b48ca91a4a869ec58af25f298a16' on site 'SharePoint Web Services' to 'http,https'.  

Last we update the web.config file for the Web Services root saying that UPA service Application is provisioned.

OWSTIMER.EXE (0x0F90)       0x0F88    SharePoint Foundation           Topology umav       High        Updating web service application id to '7893b48c-a91a-4a86-9ec5-8af25f298a16' for web.config 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\Root\web.config'.
OWSTIMER.EXE (0x0F90)       0x0F88    SharePoint Foundation           Topology umaw      High        Updating web.config 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\WebServices\Root\web.config' for web service application 'UPASrvAPP' (7893b48ca91a4a869ec58af25f298a16).
             

 Finally we commit these IIS configuration changes.

 

After finishing the above steps within the owstimer.exe process, we shift back to the w3wp.exe process and continue from where we left off.

NOTE:

  • The service account and the farm account are both O14network\Spadmin.
  • The default site application pool runs under the user account O14network\webAppPoolAcc. The SIDs for these accounts are:

O14network\Spadmin (SID S-1-5-21-####93##-345###178#-25#####213-####)
O14network\webAppPoolAcc (SID S-1-5-##-146#####74-####581781-2#####213-1###)

11)   Now we add both the user account O14network\Spadmin & O14network\webAppPoolAcc as DB_Owner for Profile, Sync & Social databases.

w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Database 944r         High        Adding S-1-5-21-####93##-345###178#-25#####213-#### to the role, db_owner, in the database, Profile DB.               

w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Database 944r         High        Adding S-1-5-21-####93##-345###178#-25#####213-#### to the role, db_owner, in the database, Sync DB.  

w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Database 944r         High        Adding S-1-5-21-####93##-345###178#-25#####213-#### to the role, db_owner, in the database, Social DB.

w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Database 944r         High        Adding S-1-5-##-146#####74-####581781-2#####213-1### to the role, db_owner, in the database, Profile DB. 

w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Database 944r         High        Adding S-1-5-##-146#####74-####581781-2#####213-1### to the role, db_owner, in the database, Sync DB.    

w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Database 944r         High        Adding S-1-5-##-146#####74-####581781-2#####213-1### to the role, db_owner, in the database, Social DB.  
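
The role, group and privilege grants logged in steps 5, 8, 9 and 11 can be pulled out of a ULS log and grouped per account, which makes it easy to review what the provisioning handed to each identity. The following is an added example, not part of the original post or of SharePoint itself; the sample lines are copied from this page with whitespace condensed, and the SENSITIVE list is an assumption made for the illustration.

```python
import re
from collections import defaultdict, namedtuple

Grant = namedtuple("Grant", "kind principal right scope")

# Message shapes taken from the ULS lines quoted in this walkthrough.
RULES = [
    ("db_role", re.compile(
        r"Adding (?P<principal>\S+) to the role, (?P<right>[^,]+), "
        r"in the database, (?P<scope>.+?)\.\s*$")),
    ("config_read", re.compile(
        r"Granting (?P<principal>\S+) (?P<right>read access) to the "
        r"configuration database, (?P<scope>.+?)\.\s*$")),
    ("local_group", re.compile(
        r"Adding (?P<principal>\S+) to local group (?P<right>\S+?)\.\s*$")),
    ("privilege", re.compile(
        r"Attempting to give (?P<right>\S+) privilege to application pool "
        r"user (?P<principal>\S+)")),
]

# Rights that deserve a second look in a least-privilege review.
# This list is an assumption for the example, not a SharePoint definition.
SENSITIVE = {"db_owner", "SE_ASSIGNPRIMARYTOKEN_NAME", "SE_INCREASE_QUOTA_NAME"}


def extract_grants(lines):
    """Return one Grant per log line that records a permission change."""
    grants = []
    for line in lines:
        for kind, rx in RULES:
            m = rx.search(line)
            if m:
                d = m.groupdict()
                grants.append(Grant(kind, d["principal"], d["right"].strip(),
                                    d.get("scope", "local machine")))
                break
    return grants


def summarize(grants):
    """Group grants per principal, dropping repeats (step 11 repeats step 5)."""
    by_principal = defaultdict(set)
    for g in grants:
        by_principal[g.principal].add((g.right, g.scope))
    return {p: sorted(v) for p, v in by_principal.items()}


def sensitive_grants(grants):
    """Unique grants whose right is on the SENSITIVE list."""
    return sorted({g for g in grants if g.right in SENSITIVE})


# Lines copied from this page (whitespace condensed, SIDs masked as on the page).
SAMPLE_ULS = r"""
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 8xqz Medium Updating SPPersistedObject ProfileDatabase Name=Profile DB. Version: -1 Ensure: False
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Database 944r High Adding S-1-5-21-####93##-345###178#-25#####213-#### to the role, db_owner, in the database, Profile DB.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Topology 944s High Granting S-1-5-21-####93##-345###178#-25#####213-#### read access to the configuration database, SharePoint_Config.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Database 944r High Adding S-1-5-21-####93##-345###178#-25#####213-#### to the role, WSS_Content_Application_Pools, in the database, SharePoint_Config.
OWSTIMER.EXE (0x0F90) 0x0F88 SharePoint Foundation Topology 96ft Medium Adding O14NETWORK\spadmin to local group IIS_WPG.
OWSTIMER.EXE (0x0F90) 0x0F88 SharePoint Foundation Topology 9sis Medium Attempting to give SE_ASSIGNPRIMARYTOKEN_NAME privilege to application pool user O14NETWORK\spadmin
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Database 944r High Adding S-1-5-21-####93##-345###178#-25#####213-#### to the role, db_owner, in the database, Profile DB.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Database 944r High Adding S-1-5-##-146#####74-####581781-2#####213-1### to the role, db_owner, in the database, Profile DB.
w3wp.exe (0x13AC) 0x1364 SharePoint Foundation Database 944r High Adding S-1-5-##-146#####74-####581781-2#####213-1### to the role, db_owner, in the database, Sync DB.
""".splitlines()

if __name__ == "__main__":
    found = extract_grants(SAMPLE_ULS)
    for principal, rights in summarize(found).items():
        print(principal)
        for right, scope in rights:
            flag = "   <-- review" if right in SENSITIVE else ""
            print(f"    {right} on {scope}{flag}")
```
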

 

12)   We finish up by provisioning the UPA service application Proxy & updating the Proxy Group.

w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject UserProfileApplicationProxy Name=UPASrvAPP. Version: 4750 Ensure: False, HashCode: 56602301, Id: d72a5832-4fc7-4b8e-9ce7-5798b30d936c,
Call Stack:
at Microsoft.SharePoint.Administration.SPPersistedObject.BaseUpdate()
at Microsoft.Office.Server.Administration.UserProfileApplicationProxy.Provision()

w3wp.exe (0x13AC)                0x1364    SharePoint Foundation           Topology 8xqz         Medium  Updating SPPersistedObject SPServiceApplicationProxyGroup. Version: 4275 Ensure: False, HashCode: 30854021, Id: c629550c-1fbe-4ee2-b81d-bf497578b683,
Call Stack:
at Microsoft.SharePoint.Administration.SPPersistedObject.BaseUpdate()
at Microsoft.SharePoint.Administration.SPServiceApplicationProxyGroup.Update()
at Microsoft.SharePoint.Portal.UserProfiles.AdminUI.NewProfileServiceSettingsPage.DoCreateApplication()
at Microsoft.SharePoint.Portal.UserProfiles.AdminUI.NewProfileServiceSettingsPage.OnOkButtonClick(Object sender, EventArgs e)     at System.EventHandler.Invoke(Object sender,

 

Start the “User Profile Synchronization Service”

NOTE:

1.       Owstimer.exe is the process that we use while starting the “User Profile Synchronization Service”.

2.       Identity Lifecycle Manager (ILM) is the Microsoft Identity Lifecycle Manager Synchronization component (formerly known as MIIS or Identity Integration Server).

 

When we start the “User Profile Synchronization Service” from Central Administration,

1)      We begin with enabling the “User Profile Synchronization Service” in the services panel.

OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           erx1         Medium  Provisioning service instance User Profile Synchronization Service.
OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           erx2         Medium  The service instance User Profile Synchronization Service is successfully provisioned.            

After provisioning the service, we start the setup for the UPA Sync by starting the FIM service.  We start the Windows Service “Forefront Identity Manager Synchronization Service” C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Bin\miiserver.exe and also update account details under which this service runs.

OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           9i1s         Medium                UserProfileApplication.SynchronizeMIIS: Begin setup for 'UPASrvApp'.

Now, you will observe “ILM Configuration:” in the logs, this shows that the configuration is happening within the FIM component. The logging for this will be more detailed in the FIM logs. SharePoint just calls in FIM component to do the necessary configuration.

NOTE: Enabling Verbose logging for FIM related troubleshooting.

Edit the config file (C:\Program Files\Microsoft Office Servers\14.0\Service\Microsoft.ResourceManagement.Service.exe.config) and

Change
<source name="Microsoft.ResourceManagement" switchValue="Error,ActivityTracing">
to

<source name="Microsoft.ResourceManagement" switchValue="Verbose,ActivityTracing">

And also uncomment the Step1 and Step2 in the Configuration file.
Restart the FIM services and now you should see a file created
C:\Program Files\Microsoft Office Servers\14.0\Service\fimDiagnostics.svclog 

Reference: http://msdn.microsoft.com/en-us/library/ff357801.aspx#BKMK_enableDiagnosticTracing 

 

2)      We first start by validating the account (service account) that is used and then create the FIM groups.

OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           9i1y         Medium  ILM Configuration: Validating account.
OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           9i20         Medium  ILM Configuration: Validating the system groups

 


 

3)      In this step we set up Windows Management Instrumentation (WMI), which is used for user-based password change management.

OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           9i23         Medium  ILM Configuration: Setting up WMI               

 

4)      Setting the required permissions


In this process we update the service account for both FIM services and also update the registry. The registry value “ObjectName" changes from "LocalSystem" to "O14NETWORK\\spadmin", where "O14NETWORK\\spadmin" is the service account.

OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           9i24         Medium  ILM Configuration: Setting required permissions           

 

5)      Additional actions that take place within ILM are,

 

OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           9i26         Medium  ILM Configuration: Create install config file
OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           9i28         Medium  ILM Configuration: Update source project
OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           9i29         Medium  ILM Configuration: Changing service account credentials
OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           d3bo        Medium  ILM Configuration: Setting policy for service account

OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           9i2a         Medium  ILM Configuration: Configuring database
OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           9q1e        Medium  ILM Configuration: Configuring XML file.

 

6)      OWSTimer.exe then restarts the FIM Synchronization Services.

OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           9i2b         Medium  ILM Configuration: Re-starting mms service
OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           9i2d         Medium  ILM Configuration: Checking mms service    

 

7)      We check for the FIM database (which is the Sync database that was created earlier while provisioning the User Profile Service Application).
We can also get the details of the FIM DB from the registry: "DatabaseName"="Sync DB"

We then start extending the schema of the Sync database.

OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           9q1f         Medium  ILM Configuration: Checking for existing FIM database.
OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           eee3        Medium  ILM Configuration: Building database.               

SQL Profiler trace will show the following:

[image: SQL Profiler trace]

 

8)      We now configure the FIM certificate. You can get to the Certificates snap-in from Start Menu >> Run >> type MMC >> File menu >> Add/Remove Snap-in >> select Certificates >> select Computer Account >> Local Computer >> Finish.

 

OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           9q1h        Medium  ILM Configuration: Configuring certificate.             

 


9)      We then update the FIMService & FIMSynchronizationService registry keys.

 

OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           9q1g        Medium  ILM Configuration: Configuring Registry keys.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FIMService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FIMSynchronizationService]

               

10)   We open the firewall ports for Resource Management services and the security token service.

OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           9q1j         Medium  ILM Configuration: Opening firewall ports.

               

We open the port for “ILM Web Service – RMS” (5725), then the port for “ILM Web Service – STS” (5726).
"ResourceManagementServiceBaseAddress"="http://localhost:5725"
"SecurityTokenServiceBaseAddress"="http://localhost:5726"

 

11)   Next we start the “Forefront Identity Manager Service”.

 

OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           9q1k        Medium  ILM Configuration: Starting services.

“Forefront Identity Manager Service”
C:\Program Files\Microsoft Office Servers\14.0\Service\Microsoft.ResourceManagement.Service.exe

 

12)   Next is “Post setup configuration”

OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           d3bp        Medium  ILM Configuration: Post setup configuration.


Here we use the miiskmu.exe (MIISkmu: Encryption Key Management Tool) to export the encryption key.

OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           g4bk        High        Synchronization database was not previously initialized. Exporting the encryption key from the registry key to the database
OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           g4bm       High        ILM Configuration: The ExportMiisEncryptionKey process completed successfully   

 

13)    We then update the Management Agents that are created and also the credentials for these agents. We can view the Agents created using the MIISClient.exe tool.

OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           g136        Medium  UpdateILMMA: Updated 'ILMMA' credentials
OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           g12z        Medium                UpdateStoreAndCredentialsForInitialManagementAgents: ILMMachine O14MSS-SRV, Username O14NETWORK\spadmin
OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           g131        Medium                UpdateStoreAndCredentialsForInitialManagementAgents: Updated 'MOSS-31204da1-48ba-4e23-9833-e59e100c2fb1' credentials 

 

A quick look at MIISClient.exe shows that we have created a connection in the Management Agent of type “Extensible connectivity”.
Note: MiisClient.exe is located at Drive Letter:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell

 


 

OWSTIMER.EXE (0x0A44)      0x0BC0    SharePoint Portal Server        User Profiles           9i1u         Medium                UserProfileApplication.SynchronizeMIIS: End setup for 'UPASrvApp'. 

               

Once the two Forefront services, namely “Forefront Identity Manager Service” & “Forefront Identity Manager Synchronization Service”, have started, the UPA service application is provisioned successfully. At this point we need to go to Central Admin and open the UPA service application to confirm that it opens fine.
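
When the synchronization service does not reach this point, the “ILM Configuration:” messages between “Begin setup” and “End setup” show how far OWSTimer got. The following is an added example, not part of the original post: it compares the stages found in a ULS log against the stage names in the order this walkthrough lists them, using a constructed log of a run that stops after the mms service restart.

```python
import re

# Stage names in the order the walkthrough above shows them.
EXPECTED_STAGES = [
    "Validating account",
    "Validating the system groups",
    "Setting up WMI",
    "Setting required permissions",
    "Create install config file",
    "Update source project",
    "Changing service account credentials",
    "Setting policy for service account",
    "Configuring database",
    "Configuring XML file",
    "Re-starting mms service",
    "Checking mms service",
    "Checking for existing FIM database",
    "Building database",
    "Configuring certificate",
    "Configuring Registry keys",
    "Opening firewall ports",
    "Starting services",
    "Post setup configuration",
]

BEGIN = re.compile(r"SynchronizeMIIS: Begin setup for '(?P<app>[^']+)'")
END = re.compile(r"SynchronizeMIIS: End setup for '(?P<app>[^']+)'")
STAGE = re.compile(r"ILM Configuration: (?P<stage>.+?)\.?\s*$")


def trace_setup(lines):
    """Split a ULS log into setup runs, one per 'Begin setup' message."""
    runs, current = [], None
    for line in lines:
        m = BEGIN.search(line)
        if m:
            current = {"app": m.group("app"), "stages": [], "finished": False}
            runs.append(current)
            continue
        if current is None:
            continue
        m = END.search(line)
        if m and m.group("app") == current["app"]:
            current["finished"] = True
            current = None
            continue
        m = STAGE.search(line)
        if m:
            current["stages"].append(m.group("stage"))
    return runs


def diagnose(run):
    """Report the last stage logged and the expected stages never seen."""
    seen = set(run["stages"])
    return {
        "app": run["app"],
        "finished": run["finished"],
        "last_stage": run["stages"][-1] if run["stages"] else None,
        "missing": [s for s in EXPECTED_STAGES if s not in seen],
    }


# Constructed sample: same message shapes as on this page, cut off after the
# mms service restart to imitate a run that never completes.
PREFIX = "OWSTIMER.EXE (0x0A44) 0x0BC0 SharePoint Portal Server User Profiles 0000 Medium "
SAMPLE_STALLED = (
    [PREFIX + "UserProfileApplication.SynchronizeMIIS: Begin setup for 'UPASrvApp'."]
    + [PREFIX + "ILM Configuration: " + s + "." for s in EXPECTED_STAGES[:11]]
)

if __name__ == "__main__":
    for run in trace_setup(SAMPLE_STALLED):
        report = diagnose(run)
        print(f"{report['app']}: finished={report['finished']}, "
              f"last stage='{report['last_stage']}'")
        for stage in report["missing"]:
            print("    not reached:", stage)
```
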

 


List of Services & Applications involved during this configuration:

  • Miiserver.exe: Forefront Identity Manager Synchronization Service (FIMSynchronizationService)
  • Microsoft.ResourceManagement.Service.exe: Forefront Identity Manager Service (FIMService)
  • Miiskmu.exe: Encryption Key Management Tool. Exports the Microsoft® Forefront Identity Manager (FIM) 2010 security encryption key to a binary file.
  • Tools\Microsoft.ResourceManagement.ServiceConfiguration.PreparationUtility.exe and Tools\Microsoft.ResourceManagement.ServiceConfiguration.Utility.exe: the Preparation Utility & Utility tools are used while provisioning the UPA Sync Services.

 

 
